Digital content can easily and efficiently be delivered through any type of suitable network, such as a cable network, satellite and/or a computer network. Frequently, digital content is broadcast or multicast to many end users over the network. Optionally, digital content can also be efficiently delivered to individual users upon request.
However, in order for digital content to be effectively delivered to users in the context of usage rights or a commerce system, a number of mechanisms need to be provided. In particular, the digital content should be secure against theft, such that only authorized users can retrieve and consume the digital content. Furthermore, access to the digital content needs to be controlled, both against unauthorized use and also optionally to permit access to be linked to other mechanisms, such as payment schemes for example. Other types of control may include determination of an expiration time and date, limitations on the number of displays, and so forth. Such control of the access to the digital content may be generally described as digital rights management.
Failure to protect “Digital Rights” is more damaging than infringement of the same rights when applied to older, “analog” content. The reason is that older forms of content storage and transmission are subject to “generational degradation”, where each processing step decreases the quality of the next generation of the product. Digital systems do not, in the main, suffer from such generational degradation. Pirated content may therefore offer exactly the same quality as original material, such that unauthorized users may more effectively infringe digital rights with copied material.
The term “digital rights management” may optionally cover a multitude of rights, which are granted to authorized users. These rights are defined according to a plurality of rules, which regulate the circumstances under which a user is authorized to access the content. These rights may include viewing the content, storing the content, reproduction of the content, excerpting portions of the content, modifying the content, copyrights, access/usage rights, resell/transferring and so forth. These rights may be divided into a number of different phases including specification, packaging (binding the rights to content), delivery, and enforcement in the consumption environment.
Even an authorized user may have only a portion of these rights; for example, the user may be authorized to view and store the content, but not reproduce or modify the content.
In order to prevent unauthorized users from abusing these usage rights, and/or to prevent authorized users from unauthorized use of the rights, the digital content should be protected by some type of security mechanism. Examples of security mechanisms include, but are not limited to, encryption and scrambling of the content. U.S. Pat. Nos. 5,282,249 and 5,481,609 to Cohen et al., which are hereby incorporated by reference as if fully set forth herein, disclose one exemplary system, which enables secure content to be broadcast widely, yet only to be played back or otherwise displayed by authorized users. This signal could contain a television program for example. The signal is scrambled, such that the authorized users are able to unscramble the signal and play back or otherwise display the media content only with the proper security device, such as a smart card for example. Thus, widely received media content is still protected from access by unauthorized users.
Another example of such a security mechanism is described in published European Patent Application No. EP 0858184 and corresponding U.S. Pat. No. 6,178,242 to Tsuria, which disclose a digital recording protection system and which are hereby incorporated by reference as if fully set forth herein. The disclosed system enables the digital content to be sent in a scrambled format, such that the digital content cannot be read and/or displayed without a key. The key is obtained from a control message, which is only sent to authorized users. Preferably, the key is obtained from coded information contained within the Entitlement Control Message, or ECM, for generating a code word associated with the ECM. Thus, only authorized users are able to correctly read and/or display the digital content.
In addition, the system and method described in European Patent Application No. EP 0858184 enable the authorized user to record and playback or otherwise display the digital content, while preventing the user from producing and distributing multiple playable copies of the digital content to other, non-authorized users. Therefore, the authorized user is able to fully use and enjoy the digital content, while the content itself is still protected from unauthorized use.
Unfortunately, the above exemplary systems, as well as other currently available systems, are still at least potentially vulnerable to a concerted attack by “hackers”. Their general method is to become an authorized user, therefore gaining access to a working client of the DRM system. Using the open nature of the client platform (for example, the Intel™ IA32 family of hardware and compatible hardware, Microsoft Windows™ operating system) obtain enough information about the working of the DRM system to be able to create a “hack”. The hack is distributed to any number of unauthorized users, enabling them to have access to the content without compensating its rightful owners. The key to the hacker's attack is therefore the ability to create an “untrusted” client, who actually has internal (granted) ability to play back the digital content, as opposed to the assumption made by most cryptographic and other security models, which is that attacks on secured content are made by non-clients.
The number of hackers capable of obtaining, understanding and subverting (“reverse engineering”) the working information of a DRM system is large, but is insignificant compared to the potential audience for valuable content. Hence, it is the combination of the existence of a hack and the ability to distribute it which constitutes a monetary threat to the owners of digital rights.
Computer network distribution modes are most threatening, since they enable zero-cost, “instant”, worldwide reach. At the same time Internet distribution is subject to bandwidth limitations, especially in the upward direction of asymmetric networks such as ADSL, satellite and cable. There are at least two separate cases of hacking to be considered: redistribution of unprotected or clear content, or distribution of software and/or data for facilitating unauthorized use of the protected content.
Some kinds of content—for example, MP3-coded audio—are sufficiently small so that they may be feasibly redistributed through such current technology channels. Thus, most of the present rampant music piracy occurs through redistribution (“sharing”) of MP3-compressed music originally distributed digitally on CD's. The technical enabler to ubiquitous piracy is “ripping” software that grabs the digital audio and compresses it to a manageable size, and also provides the redistribution of corresponding player software (and hardware). For example, the “hack” may be the freely distributed, easy-to-use “ripping” software.
Valuable video content (for example, high-quality movie) is typically much larger in size than audio, even when compressed. Although at present there is a lower likelihood of digital video redistribution through the Internet, a different hack distribution mode is more likely to appear once the availability of broadband and/or other large bandwidth “pipes” becomes widespread. That mode involves widespread distribution of a relatively small package that enables an unauthorized client to access the content from its original source distribution. Depending on the DRM system and on the hacker's capabilities that package may contain descrambling keys for the content, modified player software, a “patch” that modifies the original software, a forged license identifying the client as a legitimate one, or a “spoof” that tricks the DRM software to accept the unauthorized client as authorized. Similar hack packages may enable legitimate users, or at least users with some authorization to access the content, to extend their rights to the content in an unauthorized manner (for example, permanently storing, and then viewing multiple times, a movie to which access has been rented for a single showing).
Given the ability of hackers to grab content and to redistribute this content through computerized networks, various security mechanisms have been proposed for protecting the distribution of content through such networks. An example of security which protects the content for distribution through computerized networks features software envelopes, which protect the content (G. Griswold, “A Method for Protecting Copyright on Networks”, http://www.cni.org/docs/ima.ip-workshop/Griswold. html as of Nov. 14, 2000). The software envelope determines if a user is authorized, and will only decrypt the content for display, print or copying if such authorization is approved. The content is distributed with the software envelope as a wrapper. Similarly, the Cryptolopes™ concept (IBM Corp., USA) concerns providing a portable wrapper for encrypted content, which includes terms and conditions for accessing the content within the wrapper. Again, only authorized users would be allowed to access the encrypted content. According to another variation of this concept, the parts of the encryption key may also be encrypted and incorporated within the wrapper, as disclosed in U.S. Pat. No. 5,673,316 to Auerbach et al.
Information hiding may be used to add hidden watermarks to data, or even to block unauthorized reproduction, for example in combination with a software program for accessing the data, which is able to detect an unauthorized copy through these watermarks. Steganography concerns hiding the data to be protected itself, typically within other data. Various methods are known for hiding information (see for example “Information Hiding—A Survey”, Proceedings of the IEEE, vol 87, p 1062-1078, July 1999). The authorized user is able to select the information of interest from the surrounding noise, or data which is not of interest.
Current implementations of encryption or information “hiding” are not completely suitable for protecting data and/or software code against untrusted client attacks. Encryption is mainly designed for protection of actual transmission of the content, rather than for protection against access by untrusted clients, who can watch every step of the decryption process, extract keys etc. Attempts are made to obfuscate the client software so to make understanding of such software more difficult, and various measures are taken to prevent use of debugging tools such as CompuWare NuMega SoftIce ™. However all such attempts have currently failed to achieve the desired protection, mainly due to the open nature of the hardware and software platforms, and the availability of diverse software tools designed to allow debugging of complex programs, and hence of reverse engineering. More than that, the effectiveness of conventional obfuscation schemes is often reduced by the efficiency of modern commercial tools such as the IDA disassembler from DataRescue™, and—once a given obfuscation method is understood—hackers are often able to build special-purpose software tools to assist in defeating it.
PCT Application No. WO 00/77597 of Cloakware Corporation describes a method for protecting software code against tampering and reverse-engineering, by increasing the difficulty of understanding and reverse-engineering the code by observing its execution. The method suffers from the drawbacks of being useful for software code only, and not for content, and also of being suitable for protection only against a particular type of attack.
PCT Application No. WO 00/77596 of Cloakware Corporation describes a method for protecting software code for performing the DES (Digital Encryption Standard) encryption method. DES is characterized by the performance of multiple loops. The disclosed method converts these loops into a directed acyclic graph, which is then further obscured. The directed acyclic graph contains redundant information, which appears to be relevant, and which cannot be easily distinguished from the actual information required to execute the DES encryption method. Also, the cryptographic key itself can be hidden. The disclosed method is suitable for software programs, such as DES, which have one or two strongly distinguishing features: in the case of DES, this feature is the presence of multiple loops. However, the disclosed method is not as generally useful for software programs which lack such features, and certainly would not be useful for general data.
Another attempted solution which is intended for use with software programs is disclosed in U.S. Pat. No. 5,892,899 to Aucsmith et al., which distributes a secret required to operate the program in space and time; obscures the code of the program itself; and isolates particularly sensitive functions for further obfuscation or other types of protection. This attempted solution is less useful for distribution of software code to a large number of users, for example by broadcast through a network, since the key or mechanism to access the obscured code must also be made available to authorized users. This key or access mechanism then becomes vulnerable to unauthorized access and redistribution, as previously described.
Similarly, the protection method for software code which is disclosed in U.S. Pat. No. 5,544,244 to Agura is also vulnerable in terms of unauthorized access to the key. Furthermore, neither of these disclosed methods are suitable for the protection of content.
PCT Application No. WO 01/79969 of Cloakware Corporation discloses a method for protecting general data, by storing data in random actual addresses. These addresses are mapped to virtual addresses, such that the data can be retrieved. Although the method attempts to protect data, in fact it represents a relatively simplistic protection scheme. Furthermore, this protection scheme may be suitable for stored data, but is not suitable for transmitted data, as random storage through a memory or storage device is not effective for data transmission.
The disclosures of all references mentioned above and throughout the present specification are hereby incorporated herein by reference.